Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin

2022-05-2417:03:47

Google

osv.dev

0.001 Low

EPSS

Percentile

34.9%

JSON

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn’t interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

CPENameOperatorVersion
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.13.2
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.23.1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.22.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.24.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.23.0-beta-1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.6.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.5.1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.9.1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.4.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzereq1.17.1

Name	Operator	Version
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.13.2
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.23.1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.22.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.24.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.23.0-beta-1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.6.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.5.1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.9.1
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.4.0
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer	eq	1.17.1